@oneuptime/common 11.0.3 → 11.0.4

package/Server/Infrastructure/Postgres/SchemaMigrations/1782310000000-MigrationName.ts

@@ -0,0 +1,299 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class MigrationName1782310000000 implements MigrationInterface {
+  public name = "MigrationName1782310000000";
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSO" DROP CONSTRAINT "FK_GlobalSSO_createdByUserId"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSO" DROP CONSTRAINT "FK_GlobalSSO_deletedByUserId"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDC" DROP CONSTRAINT "FK_GlobalOIDC_createdByUserId"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDC" DROP CONSTRAINT "FK_GlobalOIDC_deletedByUserId"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSOProject" DROP CONSTRAINT "FK_GlobalSSOProject_globalSsoId"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSOProject" DROP CONSTRAINT "FK_GlobalSSOProject_projectId"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSOProject" DROP CONSTRAINT "FK_GlobalSSOProject_createdByUserId"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDCProject" DROP CONSTRAINT "FK_GlobalOIDCProject_globalOidcId"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDCProject" DROP CONSTRAINT "FK_GlobalOIDCProject_projectId"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDCProject" DROP CONSTRAINT "FK_GlobalOIDCProject_createdByUserId"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSOProjectTeam" DROP CONSTRAINT "FK_GlobalSSOProjectTeam_globalSsoProjectId"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSOProjectTeam" DROP CONSTRAINT "FK_GlobalSSOProjectTeam_teamId"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDCProjectTeam" DROP CONSTRAINT "FK_GlobalOIDCProjectTeam_globalOidcProjectId"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDCProjectTeam" DROP CONSTRAINT "FK_GlobalOIDCProjectTeam_teamId"`,
+    );
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_GlobalSSOProject_globalSsoId"`,
+    );
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_GlobalSSOProject_projectId"`,
+    );
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_GlobalSSOProject_globalSsoId_projectId"`,
+    );
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_GlobalOIDCProject_globalOidcId"`,
+    );
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_GlobalOIDCProject_projectId"`,
+    );
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_GlobalOIDCProject_globalOidcId_projectId"`,
+    );
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_GlobalSSOProjectTeam_globalSsoProjectId"`,
+    );
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_GlobalSSOProjectTeam_teamId"`,
+    );
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_GlobalOIDCProjectTeam_globalOidcProjectId"`,
+    );
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_GlobalOIDCProjectTeam_teamId"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "OnCallDutyPolicyScheduleLayer" ALTER COLUMN "rotation" SET DEFAULT '{"_type":"Recurring","value":{"intervalType":"Day","intervalCount":{"_type":"PositiveNumber","value":1}}}'`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "OnCallDutyPolicyScheduleLayer" ALTER COLUMN "restrictionTimes" SET DEFAULT '{"_type":"RestrictionTimes","value":{"restictionType":"None","dayRestrictionTimes":null,"weeklyRestrictionTimes":[]}}'`,
+    );
+    await queryRunner.query(
+      `CREATE INDEX "IDX_71298cc376a253647839650fb0" ON "GlobalSSOProject" ("globalSsoId") `,
+    );
+    await queryRunner.query(
+      `CREATE INDEX "IDX_a58c789ff9fe63f416b0146084" ON "GlobalSSOProject" ("projectId") `,
+    );
+    await queryRunner.query(
+      `CREATE INDEX "IDX_8e4bf7b1571a065aad6feed4bc" ON "GlobalOIDCProject" ("globalOidcId") `,
+    );
+    await queryRunner.query(
+      `CREATE INDEX "IDX_e8522835aea64186bc53722f31" ON "GlobalOIDCProject" ("projectId") `,
+    );
+    await queryRunner.query(
+      `CREATE INDEX "IDX_390d2b4b9718741c13a9bf3646" ON "GlobalSSOProjectTeam" ("globalSsoProjectId") `,
+    );
+    await queryRunner.query(
+      `CREATE INDEX "IDX_c088ff9d9ca99dd93a8cbeec50" ON "GlobalSSOProjectTeam" ("teamId") `,
+    );
+    await queryRunner.query(
+      `CREATE INDEX "IDX_8c9b95c3d5d24e56c003467e82" ON "GlobalOIDCProjectTeam" ("globalOidcProjectId") `,
+    );
+    await queryRunner.query(
+      `CREATE INDEX "IDX_c11b9a707701e7c10b5b86c9a2" ON "GlobalOIDCProjectTeam" ("teamId") `,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSO" ADD CONSTRAINT "FK_1003cf4114a89a4ff7ec16e7406" FOREIGN KEY ("createdByUserId") REFERENCES "User"("_id") ON DELETE SET NULL ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSO" ADD CONSTRAINT "FK_4f520827496e355d4bdfda66120" FOREIGN KEY ("deletedByUserId") REFERENCES "User"("_id") ON DELETE SET NULL ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDC" ADD CONSTRAINT "FK_b04eac8e1886aefae5e2b16cddc" FOREIGN KEY ("createdByUserId") REFERENCES "User"("_id") ON DELETE SET NULL ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDC" ADD CONSTRAINT "FK_0febb2e4c4d8703fce4bc816b36" FOREIGN KEY ("deletedByUserId") REFERENCES "User"("_id") ON DELETE SET NULL ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSOProject" ADD CONSTRAINT "FK_71298cc376a253647839650fb0b" FOREIGN KEY ("globalSsoId") REFERENCES "GlobalSSO"("_id") ON DELETE CASCADE ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSOProject" ADD CONSTRAINT "FK_a58c789ff9fe63f416b01460840" FOREIGN KEY ("projectId") REFERENCES "Project"("_id") ON DELETE CASCADE ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSOProject" ADD CONSTRAINT "FK_91f47fc5d7c0f09bec7c9dd3e86" FOREIGN KEY ("createdByUserId") REFERENCES "User"("_id") ON DELETE SET NULL ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDCProject" ADD CONSTRAINT "FK_8e4bf7b1571a065aad6feed4bca" FOREIGN KEY ("globalOidcId") REFERENCES "GlobalOIDC"("_id") ON DELETE CASCADE ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDCProject" ADD CONSTRAINT "FK_e8522835aea64186bc53722f314" FOREIGN KEY ("projectId") REFERENCES "Project"("_id") ON DELETE CASCADE ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDCProject" ADD CONSTRAINT "FK_63f1d796f2f259be00f402e936c" FOREIGN KEY ("createdByUserId") REFERENCES "User"("_id") ON DELETE SET NULL ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSOProjectTeam" ADD CONSTRAINT "FK_390d2b4b9718741c13a9bf36467" FOREIGN KEY ("globalSsoProjectId") REFERENCES "GlobalSSOProject"("_id") ON DELETE CASCADE ON UPDATE CASCADE`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSOProjectTeam" ADD CONSTRAINT "FK_c088ff9d9ca99dd93a8cbeec50a" FOREIGN KEY ("teamId") REFERENCES "Team"("_id") ON DELETE CASCADE ON UPDATE CASCADE`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDCProjectTeam" ADD CONSTRAINT "FK_8c9b95c3d5d24e56c003467e820" FOREIGN KEY ("globalOidcProjectId") REFERENCES "GlobalOIDCProject"("_id") ON DELETE CASCADE ON UPDATE CASCADE`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDCProjectTeam" ADD CONSTRAINT "FK_c11b9a707701e7c10b5b86c9a21" FOREIGN KEY ("teamId") REFERENCES "Team"("_id") ON DELETE CASCADE ON UPDATE CASCADE`,
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDCProjectTeam" DROP CONSTRAINT "FK_c11b9a707701e7c10b5b86c9a21"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDCProjectTeam" DROP CONSTRAINT "FK_8c9b95c3d5d24e56c003467e820"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSOProjectTeam" DROP CONSTRAINT "FK_c088ff9d9ca99dd93a8cbeec50a"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSOProjectTeam" DROP CONSTRAINT "FK_390d2b4b9718741c13a9bf36467"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDCProject" DROP CONSTRAINT "FK_63f1d796f2f259be00f402e936c"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDCProject" DROP CONSTRAINT "FK_e8522835aea64186bc53722f314"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDCProject" DROP CONSTRAINT "FK_8e4bf7b1571a065aad6feed4bca"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSOProject" DROP CONSTRAINT "FK_91f47fc5d7c0f09bec7c9dd3e86"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSOProject" DROP CONSTRAINT "FK_a58c789ff9fe63f416b01460840"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSOProject" DROP CONSTRAINT "FK_71298cc376a253647839650fb0b"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDC" DROP CONSTRAINT "FK_0febb2e4c4d8703fce4bc816b36"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDC" DROP CONSTRAINT "FK_b04eac8e1886aefae5e2b16cddc"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSO" DROP CONSTRAINT "FK_4f520827496e355d4bdfda66120"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSO" DROP CONSTRAINT "FK_1003cf4114a89a4ff7ec16e7406"`,
+    );
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_c11b9a707701e7c10b5b86c9a2"`,
+    );
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_8c9b95c3d5d24e56c003467e82"`,
+    );
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_c088ff9d9ca99dd93a8cbeec50"`,
+    );
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_390d2b4b9718741c13a9bf3646"`,
+    );
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_e8522835aea64186bc53722f31"`,
+    );
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_8e4bf7b1571a065aad6feed4bc"`,
+    );
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_a58c789ff9fe63f416b0146084"`,
+    );
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_71298cc376a253647839650fb0"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "OnCallDutyPolicyScheduleLayer" ALTER COLUMN "restrictionTimes" SET DEFAULT '{"_type": "RestrictionTimes", "value": {"restictionType": "None", "dayRestrictionTimes": null, "weeklyRestrictionTimes": []}}'`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "OnCallDutyPolicyScheduleLayer" ALTER COLUMN "rotation" SET DEFAULT '{"_type": "Recurring", "value": {"intervalType": "Day", "intervalCount": {"_type": "PositiveNumber", "value": 1}}}'`,
+    );
+    await queryRunner.query(
+      `CREATE INDEX "IDX_GlobalOIDCProjectTeam_teamId" ON "GlobalOIDCProjectTeam" ("teamId") `,
+    );
+    await queryRunner.query(
+      `CREATE INDEX "IDX_GlobalOIDCProjectTeam_globalOidcProjectId" ON "GlobalOIDCProjectTeam" ("globalOidcProjectId") `,
+    );
+    await queryRunner.query(
+      `CREATE INDEX "IDX_GlobalSSOProjectTeam_teamId" ON "GlobalSSOProjectTeam" ("teamId") `,
+    );
+    await queryRunner.query(
+      `CREATE INDEX "IDX_GlobalSSOProjectTeam_globalSsoProjectId" ON "GlobalSSOProjectTeam" ("globalSsoProjectId") `,
+    );
+    await queryRunner.query(
+      `CREATE UNIQUE INDEX "IDX_GlobalOIDCProject_globalOidcId_projectId" ON "GlobalOIDCProject" ("globalOidcId", "projectId") `,
+    );
+    await queryRunner.query(
+      `CREATE INDEX "IDX_GlobalOIDCProject_projectId" ON "GlobalOIDCProject" ("projectId") `,
+    );
+    await queryRunner.query(
+      `CREATE INDEX "IDX_GlobalOIDCProject_globalOidcId" ON "GlobalOIDCProject" ("globalOidcId") `,
+    );
+    await queryRunner.query(
+      `CREATE UNIQUE INDEX "IDX_GlobalSSOProject_globalSsoId_projectId" ON "GlobalSSOProject" ("globalSsoId", "projectId") `,
+    );
+    await queryRunner.query(
+      `CREATE INDEX "IDX_GlobalSSOProject_projectId" ON "GlobalSSOProject" ("projectId") `,
+    );
+    await queryRunner.query(
+      `CREATE INDEX "IDX_GlobalSSOProject_globalSsoId" ON "GlobalSSOProject" ("globalSsoId") `,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDCProjectTeam" ADD CONSTRAINT "FK_GlobalOIDCProjectTeam_teamId" FOREIGN KEY ("teamId") REFERENCES "Team"("_id") ON DELETE CASCADE ON UPDATE CASCADE`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDCProjectTeam" ADD CONSTRAINT "FK_GlobalOIDCProjectTeam_globalOidcProjectId" FOREIGN KEY ("globalOidcProjectId") REFERENCES "GlobalOIDCProject"("_id") ON DELETE CASCADE ON UPDATE CASCADE`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSOProjectTeam" ADD CONSTRAINT "FK_GlobalSSOProjectTeam_teamId" FOREIGN KEY ("teamId") REFERENCES "Team"("_id") ON DELETE CASCADE ON UPDATE CASCADE`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSOProjectTeam" ADD CONSTRAINT "FK_GlobalSSOProjectTeam_globalSsoProjectId" FOREIGN KEY ("globalSsoProjectId") REFERENCES "GlobalSSOProject"("_id") ON DELETE CASCADE ON UPDATE CASCADE`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDCProject" ADD CONSTRAINT "FK_GlobalOIDCProject_createdByUserId" FOREIGN KEY ("createdByUserId") REFERENCES "User"("_id") ON DELETE SET NULL ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDCProject" ADD CONSTRAINT "FK_GlobalOIDCProject_projectId" FOREIGN KEY ("projectId") REFERENCES "Project"("_id") ON DELETE CASCADE ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDCProject" ADD CONSTRAINT "FK_GlobalOIDCProject_globalOidcId" FOREIGN KEY ("globalOidcId") REFERENCES "GlobalOIDC"("_id") ON DELETE CASCADE ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSOProject" ADD CONSTRAINT "FK_GlobalSSOProject_createdByUserId" FOREIGN KEY ("createdByUserId") REFERENCES "User"("_id") ON DELETE SET NULL ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSOProject" ADD CONSTRAINT "FK_GlobalSSOProject_projectId" FOREIGN KEY ("projectId") REFERENCES "Project"("_id") ON DELETE CASCADE ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSOProject" ADD CONSTRAINT "FK_GlobalSSOProject_globalSsoId" FOREIGN KEY ("globalSsoId") REFERENCES "GlobalSSO"("_id") ON DELETE CASCADE ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDC" ADD CONSTRAINT "FK_GlobalOIDC_deletedByUserId" FOREIGN KEY ("deletedByUserId") REFERENCES "User"("_id") ON DELETE SET NULL ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDC" ADD CONSTRAINT "FK_GlobalOIDC_createdByUserId" FOREIGN KEY ("createdByUserId") REFERENCES "User"("_id") ON DELETE SET NULL ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSO" ADD CONSTRAINT "FK_GlobalSSO_deletedByUserId" FOREIGN KEY ("deletedByUserId") REFERENCES "User"("_id") ON DELETE SET NULL ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSO" ADD CONSTRAINT "FK_GlobalSSO_createdByUserId" FOREIGN KEY ("createdByUserId") REFERENCES "User"("_id") ON DELETE SET NULL ON UPDATE NO ACTION`,
+    );
+  }
+}

package/Server/Infrastructure/Postgres/SchemaMigrations/1782400000000-RemoveIsTestedFromGlobalSsoAndOidc.ts

@@ -0,0 +1,21 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class RemoveIsTestedFromGlobalSsoAndOidc1782400000000
+  implements MigrationInterface
+{
+  public name = "RemoveIsTestedFromGlobalSsoAndOidc1782400000000";
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`ALTER TABLE "GlobalSSO" DROP COLUMN "isTested"`);
+    await queryRunner.query(`ALTER TABLE "GlobalOIDC" DROP COLUMN "isTested"`);
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "GlobalOIDC" ADD "isTested" boolean NOT NULL DEFAULT false`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "GlobalSSO" ADD "isTested" boolean NOT NULL DEFAULT false`,
+    );
+  }
+}

package/Server/Infrastructure/Postgres/SchemaMigrations/Index.ts

@@ -386,10 +386,16 @@ import { MigrationName1781250074195 } from "./1781250074195-MigrationName";
 import { AddTelemetryEntityLabels1781300000000 } from "./1781300000000-AddTelemetryEntityLabels";
 import { AddServiceTelemetrySdkLanguage1781400000000 } from "./1781400000000-AddServiceTelemetrySdkLanguage";
 import { AddProxmoxAndCephClusterTables1781500000000 } from "./1781500000000-AddProxmoxAndCephClusterTables";
-import { MigrationName1781587937032 } from "./1781587937032-MigrationName";
 import { AddProxmoxCephV2Columns1781600000000 } from "./1781600000000-AddProxmoxCephV2Columns";
 import { AddProxmoxCephActivityAndRules1781600000001 } from "./1781600000001-AddProxmoxCephActivityAndRules";
 import { AddProxmoxCephV3Columns1781700000000 } from "./1781700000000-AddProxmoxCephV3Columns";
+import { MigrationName1781750000000 } from "./1781750000000-MigrationName";
+import { AddGlobalSsoAndOidc1782000000000 } from "./1782000000000-AddGlobalSsoAndOidc";
+import { AddStatusPageImageAltText1782100000000 } from "./1782100000000-AddStatusPageImageAltText";
+import { AddRequireSsoForLoginToGlobalProviders1782200000000 } from "./1782200000000-AddRequireSsoForLoginToGlobalProviders";
+import { MoveRequireSsoForLoginToGlobalConfig1782300000000 } from "./1782300000000-MoveRequireSsoForLoginToGlobalConfig";
+import { MigrationName1782310000000 } from "./1782310000000-MigrationName";
+import { RemoveIsTestedFromGlobalSsoAndOidc1782400000000 } from "./1782400000000-RemoveIsTestedFromGlobalSsoAndOidc";
 
 export default [
   InitialMigration,
@@ -783,5 +789,11 @@ export default [
   AddProxmoxCephV2Columns1781600000000,
   AddProxmoxCephActivityAndRules1781600000001,
   AddProxmoxCephV3Columns1781700000000,
-  MigrationName1781587937032,
+  MigrationName1781750000000,
+  AddGlobalSsoAndOidc1782000000000,
+  AddStatusPageImageAltText1782100000000,
+  AddRequireSsoForLoginToGlobalProviders1782200000000,
+  MoveRequireSsoForLoginToGlobalConfig1782300000000,
+  MigrationName1782310000000,
+  RemoveIsTestedFromGlobalSsoAndOidc1782400000000,
 ];

package/Server/Middleware/UserAuthorization.ts

@@ -1,8 +1,8 @@
 import AccessTokenService from "../Services/AccessTokenService";
+import GlobalConfigService from "../Services/GlobalConfigService";
 import ProjectService from "../Services/ProjectService";
 import TeamMemberService from "../Services/TeamMemberService";
 import UserService from "../Services/UserService";
-import QueryHelper from "../Types/Database/QueryHelper";
 import CookieUtil from "../Utils/Cookie";
 import {
   ExpressRequest,
@@ -16,7 +16,6 @@ import logger, { getLogAttributesFromRequest } from "../Utils/Logger";
 import Response from "../Utils/Response";
 import ProjectMiddleware from "./ProjectAuthorization";
 import SpanUtil from "../Utils/Telemetry/SpanUtil";
-import { LIMIT_PER_PROJECT } from "../../Types/Database/LimitMax";
 import Dictionary from "../../Types/Dictionary";
 import Exception from "../../Types/Exception/Exception";
 import NotAuthenticatedException from "../../Types/Exception/NotAuthenticatedException";
@@ -35,7 +34,6 @@ import Permission, {
   UserTenantAccessPermission,
 } from "../../Types/Permission";
 import UserType from "../../Types/UserType";
-import Project from "../../Models/DatabaseModels/Project";
 import UserPermissionUtil from "../Utils/UserPermission/UserPermission";
 
 export default class UserMiddleware {
@@ -170,6 +168,7 @@ export default class UserMiddleware {
     req: ExpressRequest,
     projectId: ObjectID,
     userId: ObjectID,
+    requiredSsoProviderId?: ObjectID | undefined,
   ): boolean {
     const ssoTokens: Dictionary<string> = this.getSsoTokens(req);
 
@@ -181,6 +180,25 @@ export default class UserMiddleware {
         decodedData.projectId?.toString() === projectId.toString() &&
         decodedData.userId.toString() === userId.toString()
       ) {
+        /*
+         * Specific-IdP enforcement: when the project requires a specific SSO
+         * provider, the token must carry a matching `ssoProviderId`
+         * discriminator. Tokens issued before this field existed (no
+         * discriminator) do not satisfy a specific-provider requirement.
+         */
+        if (requiredSsoProviderId) {
+          const tokenProviderId: string | undefined = decodedData.ssoProviderId
+            ? decodedData.ssoProviderId.toString()
+            : undefined;
+
+          if (
+            !tokenProviderId ||
+            tokenProviderId !== requiredSsoProviderId.toString()
+          ) {
+            return false;
+          }
+        }
+
         return true;
       }
     }
@@ -493,12 +511,15 @@ export default class UserMiddleware {
   }): Promise<UserTenantAccessPermission | null> {
     const { req, tenantId, userId } = data;
 
+    const isMasterAdmin: boolean =
+      (req as OneUptimeRequest).userAuthorization?.isMasterAdmin === true;
+
     /*
      * Resolve the SSO requirement and the tenant permission in parallel.
      * `getRequireSsoForLogin` is cached in-process for 60s, so this is
      * usually free; the tenant permission lookup is the expensive call.
      */
-    const [requireSsoForLogin, tenantPermission]: [
+    const [projectRequireSsoForLogin, tenantPermission]: [
       boolean,
       UserTenantAccessPermission | null,
     ] = await Promise.all([
@@ -515,11 +536,42 @@ export default class UserMiddleware {
       AccessTokenService.getUserTenantAccessPermission(userId, tenantId),
     ]);
 
-    if (
-      requireSsoForLogin &&
-      !UserMiddleware.doesSsoTokenForProjectExist(req, tenantId, userId)
-    ) {
-      throw new SsoAuthorizationException();
+    /*
+     * The instance-wide "Require SSO for Login" flag (GlobalConfig) forces SSO
+     * on every project. Master admins are exempt so a misconfigured global SSO
+     * can't lock them out — a project's own requireSsoForLogin still applies to
+     * them. Only checked when the project doesn't already enforce SSO.
+     */
+    let requireSsoForLogin: boolean = projectRequireSsoForLogin;
+    if (!requireSsoForLogin && !isMasterAdmin) {
+      requireSsoForLogin =
+        await GlobalConfigService.getRequireSsoForLogin().catch(() => {
+          return false;
+        });
+    }
+
+    if (requireSsoForLogin) {
+      /*
+       * Only resolve the specific-provider requirement when SSO is enforced.
+       * The provider-id cache is already warm from getRequireSsoForLogin above.
+       */
+      const requiredSsoProviderId: ObjectID | null =
+        await ProjectService.getRequireSsoWithSsoProviderId(tenantId).catch(
+          () => {
+            return null;
+          },
+        );
+
+      if (
+        !UserMiddleware.doesSsoTokenForProjectExist(
+          req,
+          tenantId,
+          userId,
+          requiredSsoProviderId ?? undefined,
+        )
+      ) {
+        throw new SsoAuthorizationException();
+      }
     }
 
     return tenantPermission;
@@ -535,48 +587,67 @@ export default class UserMiddleware {
       return null;
     }
 
-    const projects: Array<Project> = await ProjectService.findBy({
-      query: {
-        _id: QueryHelper.any(
-          projectIds.map((i: ObjectID) => {
-            return i.toString();
-          }) || [],
-        ),
-      },
-      select: {
-        requireSsoForLogin: true,
-      },
-      limit: LIMIT_PER_PROJECT,
-      skip: 0,
-      props: {
-        isRoot: true,
-      },
-    });
+    const isMasterAdmin: boolean =
+      (req as OneUptimeRequest).userAuthorization?.isMasterAdmin === true;
+
+    /*
+     * Instance-wide "Require SSO for Login" forces SSO on every project. Master
+     * admins are exempt. Resolved once (cached) rather than per project.
+     */
+    const globalRequireSsoForLogin: boolean = isMasterAdmin
+      ? false
+      : await GlobalConfigService.getRequireSsoForLogin().catch(() => {
+          return false;
+        });
 
     /*
-     * Resolve permissions for every project in parallel. With the previous
-     * for-await loop this scaled linearly with project count, adding one
-     * round-trip per project even on cache hits.
+     * Resolve permissions for every project in parallel. A project's own
+     * requireSsoForLogin is read through the cached getter; the global flag is
+     * OR'd in so enforcement matches the single-tenant path.
      */
     const resolved: Array<{
       projectId: ObjectID;
       permission: UserTenantAccessPermission | null;
     }> = await Promise.all(
       projectIds.map(async (projectId: ObjectID) => {
-        if (
-          projects.find((p: Project) => {
-            return p._id === projectId.toString() && p.requireSsoForLogin;
-          }) &&
-          !UserMiddleware.doesSsoTokenForProjectExist(req, projectId, userId)
-        ) {
-          return {
-            projectId,
-            permission:
-              UserPermissionUtil.getDefaultUserTenantAccessPermission(
-                projectId,
-              ),
-          };
+        const projectRequireSsoForLogin: boolean =
+          await ProjectService.getRequireSsoForLogin(projectId).catch(() => {
+            /*
+             * Unknown/inaccessible project: do not enforce SSO here. Actual
+             * access is still gated by AccessTokenService below.
+             */
+            return false;
+          });
+
+        const requireSsoForLogin: boolean =
+          projectRequireSsoForLogin || globalRequireSsoForLogin;
+
+        if (requireSsoForLogin) {
+          const requiredSsoProviderId: ObjectID | null =
+            await ProjectService.getRequireSsoWithSsoProviderId(
+              projectId,
+            ).catch(() => {
+              return null;
+            });
+
+          if (
+            !UserMiddleware.doesSsoTokenForProjectExist(
+              req,
+              projectId,
+              userId,
+              requiredSsoProviderId ?? undefined,
+            )
+          ) {
+            return {
+              projectId,
+              permission:
+                UserPermissionUtil.getDefaultUserTenantAccessPermission(
+                  projectId,
+                ),
+            };
+          }
         }
+
         return {
           projectId,
           permission: await AccessTokenService.getUserTenantAccessPermission(

package/Server/Services/GlobalConfigService.ts

@@ -1,10 +1,60 @@
 import DatabaseService from "./DatabaseService";
 import Model from "../../Models/DatabaseModels/GlobalConfig";
+import InMemoryTTLCache from "../Infrastructure/InMemoryTTLCache";
+import ObjectID from "../../Types/ObjectID";
+import { OnUpdate } from "../Types/Database/Hooks";
+import CaptureSpan from "../Utils/Telemetry/CaptureSpan";
 
 export class Service extends DatabaseService<Model> {
+  /*
+   * Caches the instance-wide "Require SSO for Login" flag. This is read on the
+   * authenticated request path (per project), so it must not hit Postgres every
+   * time. Refreshed at most once per 60s and invalidated on update below.
+   */
+  private requireSsoForLoginCache: InMemoryTTLCache<boolean> =
+    new InMemoryTTLCache(10_000);
+
   public constructor() {
     super(Model);
   }
+
+  /*
+   * Instance-wide: must every user sign in with SSO to access projects?
+   * (Master admins are exempted by the enforcement layer, not here.)
+   */
+  @CaptureSpan()
+  public async getRequireSsoForLogin(): Promise<boolean> {
+    const key: string = "global";
+    const cached: boolean | undefined = this.requireSsoForLoginCache.get(key);
+    if (cached !== undefined) {
+      return cached;
+    }
+
+    const config: Model | null = await this.findOneBy({
+      query: {},
+      select: { requireSsoForLogin: true },
+      props: { isRoot: true },
+    });
+
+    const value: boolean = Boolean(config?.requireSsoForLogin);
+    this.requireSsoForLoginCache.set(key, value, 60_000);
+    return value;
+  }
+
+  @CaptureSpan()
+  protected override async onUpdateSuccess(
+    onUpdate: OnUpdate<Model>,
+    _updatedItemIds: Array<ObjectID>,
+  ): Promise<OnUpdate<Model>> {
+    if (
+      (onUpdate.updateBy.data as { requireSsoForLogin?: unknown })
+        .requireSsoForLogin !== undefined
+    ) {
+      this.requireSsoForLoginCache.clear();
+    }
+
+    return onUpdate;
+  }
 }
 
 export default new Service();